High-risk reentrancy vulnerability in the sop function of the Weather contract. The function makes external calls before it modifies its state variables, which is the ordering that makes reentrancy attacks possible.
In sop, external calls are made to C.bean().mint, C.bean().approve and IWell(sopWell).swapFrom, and the state variables are written only afterwards, in rewardSop. If any of these callees hands control to attacker-controlled code before those writes complete, that code can re-enter the Weather contract while it still holds pre-call state. The pattern itself is what the detector flags; confirming exploitability means checking whether the Bean token or the Well at sopWell can execute untrusted code during these calls (for instance through token transfer hooks or a non-trusted Well implementation).
Code snippet: (contracts/beanstalk/sun/SeasonFacet/Weather.sol#181-213)
The impact of this vulnerability is assessed as high. A successful reentrancy would let an attacker manipulate the contract's state mid-execution and trigger unintended behaviour, for example by having state-dependent checks in sop evaluated against stale values.
The vulnerability was detected with Slither's reentrancy detectors (the reentrancy-eth / reentrancy-no-eth family), which flag external calls that are followed by state writes in the same function.
Apply the Checks-Effects-Interactions pattern: in sop, perform every state modification that can be done before the external calls ahead of C.bean().mint, C.bean().approve and IWell(sopWell).swapFrom, so that a re-entrant call observes updated state. Writes that depend on a call's return value (such as an amount received from swapFrom) cannot be moved earlier, which is why the second mitigation is needed as well.
Use a ReentrancyGuard: apply a nonReentrant modifier (for example OpenZeppelin's ReentrancyGuard) to sop and to the other functions that touch the same state, so that a callee cannot re-enter them while a call is in flight. The guard only protects functions that carry the modifier; a re-entry into an unguarded function that reads the same state is not blocked.
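The following is an added, self-contained illustration of both mitigations side by side; it is not Beanstalk's code and does not reproduce the real sop logic. The IBean and IWell interfaces, the WeatherBase bookkeeping (season, lastSopSeason, sopRewards), the once-per-season check, the MockBean and the ReenteringWell are all hypothetical stand-ins chosen so that the consequence of the call-before-write ordering is observable. The real Well's swapFrom signature differs from the simplified one used here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-ins for the Bean token and the Well called by sop.
// Only the members this example uses are declared; the real interfaces differ.
interface IBean {
    function mint(address to, uint256 amount) external;
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IWell {
    function swapFrom(address tokenIn, address tokenOut, uint256 amountIn) external returns (uint256 amountOut);
}

// Shared bookkeeping (hypothetical layout, not Beanstalk's storage).
abstract contract WeatherBase {
    IBean public immutable bean;
    IWell public immutable sopWell;
    address public immutable sopToken;
    uint32 public season = 1;
    uint32 public lastSopSeason;   // season in which a sop last paid out
    uint256 public sopRewards;     // total rewarded so far

    constructor(IBean _bean, IWell _well, address _sopToken) {
        bean = _bean; sopWell = _well; sopToken = _sopToken;
    }

    function advanceSeason() external { season += 1; }
}

// Ordering that Slither flags: check, then interactions, then effects.
contract WeatherVulnerable is WeatherBase {
    constructor(IBean b, IWell w, address t) WeatherBase(b, w, t) {}

    function sop(uint256 amount) external {
        require(lastSopSeason < season, "sop already paid this season"); // check
        bean.mint(address(this), amount);                                 // interaction
        bean.approve(address(sopWell), amount);                           // interaction
        uint256 out = sopWell.swapFrom(address(bean), sopToken, amount);  // interaction; callee may re-enter
        rewardSop(out);                                                   // effects last: the check above was stale
    }

    function rewardSop(uint256 out) internal {
        sopRewards += out;
        lastSopSeason = season;
    }
}

// Hardened ordering: the write the check depends on happens before any call,
// and a mutex covers the effect that needs the call's return value.
contract WeatherHardened is WeatherBase {
    uint256 private _status = 1;   // 1 = free, 2 = entered (same scheme as OpenZeppelin's ReentrancyGuard)

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    constructor(IBean b, IWell w, address t) WeatherBase(b, w, t) {}

    function sop(uint256 amount) external nonReentrant {
        require(lastSopSeason < season, "sop already paid this season"); // check
        lastSopSeason = season;                                           // effect, before any external call
        bean.mint(address(this), amount);
        bean.approve(address(sopWell), amount);
        uint256 out = sopWell.swapFrom(address(bean), sopToken, amount);
        sopRewards += out;   // depends on the call result, so it cannot move up; the mutex protects it
    }
}

// Minimal Bean mock so the example deploys without the real token.
contract MockBean is IBean {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function approve(address, uint256) external pure returns (bool) { return true; }
}

// Malicious Well: re-enters sop once from inside swapFrom. Against
// WeatherVulnerable the inner call passes the season check and sopRewards is
// credited twice for one season. Against WeatherHardened the inner call
// reverts with "reentrant call" (and would fail the season check even without
// the mutex, since lastSopSeason was already written), so the outer sop reverts.
contract ReenteringWell is IWell {
    address public target;
    bool private reentered;

    function setTarget(address t) external { target = t; }

    function swapFrom(address, address, uint256 amountIn) external returns (uint256) {
        if (!reentered) {
            reentered = true;
            WeatherVulnerable(target).sop(amountIn);   // same selector on both Weather variants
        }
        return amountIn;
    }
}
```

To reproduce: deploy MockBean and ReenteringWell, deploy one Weather variant pointing at them, call setTarget on the well, then call sop(100). On WeatherVulnerable, sopRewards ends at 200 and mint ran twice; on WeatherHardened the transaction reverts. The point of the pairing is that CEI alone cannot protect sopRewards (its value is only known after swapFrom returns), while the guard alone would still leave the season check readable by unguarded functions, so the report recommends both.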